Good day community,

A customer considers Azure MFA in a per-authentication model, because they have far more external users than internal employees.

Microsoft counts and bills both succesful as failed (denied) authentications, so the customer wonders:

What happens if somehow (a hacker/robot) generates tons of failed authentications? Will Microsoft bill the customer accordingly or are there other mechanisms in place to prevent this?

Thank you,

Cheers Mike